I wanted to ask your about something regarding user privacy leakage in the broadcast channels.  As i have been sniffing and testing myself and i found that on the paging requests type 1 IMSI along with TMSI is sent.

I have came to understand that first sending two identifications is the norm, but what i dont understand the high rate of sending IMSI as mobile identification, and as per specification its noted that either TMSI OR IMSI are sent,  so does that by any mean could be a configuration issues from the MSC/VLR side that should be changed, is this the norm? if its the norm, then why using TMSI.

From your experience what are the countermeasures you think that should be taken from the operator side to protect against such information leaks, or there is nothing that an operator can do much for this ?What could be the different cases where the IMSI could be sent ?

Thanks